Consumers in the developed world have come to trust the safety of their food. However, many have little concept of the conditions under which their food was grown, processed, stored or transported. Outbreaks of illness caused by contaminants in the food supply, such as E. coli or salmonella, are unsettling to the public confidence in a safe food supply – particularly when the root causes of such illnesses prove difficult to locate.
Such a loss of trust can be costly for food producers and providers, both in terms of brand and product reputation and the bottom line. Take, for instance, last fall's E. coli outbreak, which caused 205 cases of illness and was linked to three deaths nationwide. This outbreak resulted in significant brand and economic impact for California spinach growers.
As food companies assess their enterprise risks, protecting the reputation of their brands and products should assume high priority. By exploring a unified, cross-functional view of food defense, food companies can create a strategy to lower their identified enterprise risk while optimizing the available resources and minimizing redundancy.
The food industry's myriad of compliance rules and regulations can serve as an example to security directors in other vertical markets: Are there regulations in your industry? Are they being followed? Take a look at how the highly-visible food industry tackles the issue.
The Start of the Change
Food industry veterans have seen many changes over the years: changes in the way we protect our products and assets, and changes in the expectations of the regulatory and other governmental agencies concerning that protection. Prior to 2001, food companies generally assigned responsibility for product integrity to those persons or departments charged with food safety issues. A company's physical security plan, if it existed, would primarily be concerned with protection of its people and assets. While a physical security plan would most likely provide some added protection to the integrity of the product, in the form of food security, this protection was simply an added benefit rather than a designed function of the security plan. During this time, food companies gave little consideration to physical security techniques to protect the integrity of food products.
In late 2001 and early 2002, the Food and Drug Administration (FDA) and the United States Department of Agriculture (USDA) began to recognize the differences between “food safety” and “food security.” The FDA issued its first publication of food security guidelines in January 2002. In April 2002, the USDA, through the Food Safety Inspection Service (FSIS), began issuing security guidelines for the segments of the food industry it regulated. The U.S. Coast Guard, U.S. Customs and the Department of Homeland Security (DHS) quickly followed suit with their own food security recommendations and regulations, and Homeland Security Presidential Directives 5, 7, 8 and 9, issued between 2002 and 2004, define the food industry's role in national security.
Food Defense Makes Its Debut
In early 2005, the term “food defense” first appeared in conversations with governmental and regulatory agencies. It was not immediately apparent to the food industry that this new term would mark a change in how companies would be expected to protect their products in the future.
In a March 29, 2006, broadcast to food safety and food defense professionals, titled “Food Defense Awareness,” co-sponsored by the FDA and Centers for Disease Control and Prevention (CDC), the FDA's Dr. David Acheson gave a brief history of the term, stating that it came about because of confusion caused by the term “food security.” In many countries, the term means “an adequate food supply” and didn't necessarily reflect on the security of the food products. Thus, the less ambiguous term “food defense” was coined. The Food and Drug Administration's Food Defense Terms and Acronym List defines “food defense” as follows:
“The collective term used by the FDA, USDA, DHS, etc. to encompass activities associated with protecting the nation's food supply from deliberate or intentional acts of contamination or tampering. This term encompasses other similar verbiage (i.e., bioterrorism (BT), counter-terrorism (CT), etc.).”
Therein lies the issue. The current definition of food defense deals only with protecting the food supply from terrorist activities and deliberate contamination. But why would companies not pull together all of their available resources to protect the product, the brand and, collectively, the food supply of the United States, regardless of the circumstances by which it is endangered?
Expanding the View of Food Defense
What if we looked at food defense in the same way we address employee safety in a company? Safety is something for which all personnel are responsible. Every department, every discipline and every person is accountable for providing a safe working environment. The penalties for non-compliance or non-involvement can be severe. The concept of food defense can be, and should be, just as encompassing.
Using a food safety plan to identify and mitigate unintentional product contamination risks, and a food defense plan to do the same for intentional contamination, will lead to redundancies in the plans. In addition, having separate food safety and food defense plans may not adequately address all of the risks of product contamination and, as a result, may create gaps in the protective shield. A more comprehensive plan would address all risks, from the field to the fork.
There is certainly a precedent for taking a broader view. The March 2003 version of the FDA's Food Producers, Processors, and Transporters: Food Security Preventive Measures Guidance (www.cfsan.fda.gov/~dms/secguid6.html) contains 112 bullet points that outline the types of issues the food industry might consider when developing measures to minimize risks to the food they produce. Realistically, implementation of all of these suggestions would require the cooperation of multiple departments, including security, human resources, operations, quality assurance, maintenance, medical, administration and senior management. The FSIS Security Guidelines for Food Processors (www.fsis.usda.gov/OA/topics/SecurityGuide.pdf), dated April 2002, would require that similar levels of cross-discipline agreements be put in place.
If we assume that we should coordinate all of our efforts to control the safety, security and integrity of our products, then we should accept the premise that this is what food defense should become. This would require a new definition of “food defense,” as “Activities associated with protecting food products and the nation's food supply from intentional and unintentional contamination.”
Employing a Cross-Functional View
Many food companies are taking significant steps to protect their products; however, because those steps are not traditional security measures or techniques, they are probably not being labeled as “food defense initiatives.” Almost every department, function or discipline within some companies already has some role in food defense, even though they may not identify it as such.
In a typical food processing plant, a number of different departments or disciplines impact the manner in which food products are protected. Here are a several examples:
* Quality Assurance : Oversees food safety programs, quality testing, product recall plans and federal Bioterrorism Act compliance.
* Security : Designs and implements physical security controls and the security plan for the facility. It conducts investigations and ensures compliance with security rules and procedures.
* Human resources : Implements hiring practices (running background investigations, choosing temp agencies) and security work rules. Enforces disciplinary actions for security breaches and oversees security training.
* Information Services : Maintains security for confidential business information, formulas, business plans, and other business secrets or proprietary information.
* Operations : Maintains physical security programs and security guards and identifies, investigates and reports on security breaches and alarms. It enforces shipping and receiving policies and provides security for raw and finished materials storage. Additionally, it maintains control of contractors, including fumigation personnel and their chemicals; and it maintains plant security awareness. Finally, it supervises temps, contractors and other employees.
* Sanitation : Oversees cleaning and sanitizing equipment, often with little or low-level supervision.
* Medical : Observes the general health of the workforce, benchmarks normal medical issues, reports on suspicious illnesses and coordinates information with local and national health agencies.
* Administration : Controls visitors and contractors, and the operation of mailroom and postal/overnight deliveries.
* Plant management : Provides support, priorities, guidance, oversight and resources for all food defense initiatives. It coordinates outreach to local, state and federal regulatory and law enforcement agencies.
You can begin moving toward a coordinated food defense program by identifying, in your own organizations, the roles each department already plays in food defense. After you've identified the departments, functions or disciplines that play a part in food defense, form a committee consisting of representatives from each of them.
Creating the Plan
The committee should first inventory existing processes to determine their applications to food defense — specifically, review the process flow in the company's production and look at existing controls that can be adopted. Charting this flow, with the existing key controls already outlined and adopted, can help to naturally align functions for a common goal and encourage ownership of the food defense plan.
The committee should then work together to determine what might be improved. During this phase, the use of risk analysis studies and tools such as CARVER+S (see sidebar) would be appropriate to help identify these issues. The committee would then recommend best food defense practices to each of the departments, functions or disciplines so that much of the food defense response could be standardized throughout the company.
Developing Support and Strategy
A company's food defense strategy should leverage the strengths provided by cross-functional participation. A strategy that crosses many of the existing lines between functions, however, can pose formidable challenges for any company. Success will require both leadership and commitment at a high level within the organization.
Once the plan is in place, it must be practiced and audited on a regular basis to remain viable. As the company and its workforce changes, the training of new people and recognition of their roles in the food defense plan must remain at a consistently high level. In addition, the plan itself must be fluid enough to be easily updated in response to a new threat.
A Comprehensive Effort
Food defense is a much bigger issue for a company than simply “protecting the food supply from deliberate or intentional acts of contamination.” It is a compilation of all the efforts needed to protect the products – and therefore the business – from anything or anyone that could harm them. To accomplish this, four goals must be met:
1. Define the term “food defense” more broadly to include both intentional and unintentional contamination.
2. Identify the existing functional capabilities that should be included in a company's cross-functional food defense plan, and then determine the additional efforts needed.
3. Implement a food defense plan that not only uses a cross-functional strategy, but is established as a priority program, with the highest levels of executive support throughout the company.
4. Review and audit the program on a regular basis to ensure compliance.
A broader view of food defense provides an opportunity to expand the definition and methodology of how food companies protect their products. As food companies continue to identify the enterprise risks associated with their business, certainly, the protection of the products, the brands and the good name of the company should assume a high priority. Changing the ways in which we define and plan for food defense can give the industry a vision to follow while providing those protections.
William L. Ramsey is corporate director of security for McCormick & Company Inc. He serves as Chairman of the Food Defense Committee of the Food Products Association (formerly the National Food Processors Association) and in 2003 he was awarded the first NFPA Security Award. Mr. Ramsey also participates on numerous industry and governmental committees related to food defense. He is a member of the CSO Security Executive Council.